
feat(tools): add optional security metadata to tool definitions#2180

Open

srbhsrkr wants to merge 1 commit into strands-agents:main from srbhsrkr:feat/tool-security-metadata

Conversation


@srbhsrkr srbhsrkr commented Apr 21, 2026

Summary

Closes #2154

  • Adds optional read_only, destructive, and requires_confirmation parameters to the @tool decorator and corresponding properties to AgentTool base class
  • Extends ToolSpec with a SecurityMetadata TypedDict for serializable security classification
  • Propagates security metadata through ToolRegistry and MCPAgentTool so hooks can reason about tool safety via BeforeToolCallEvent

Details

New @tool decorator parameters (all optional, backward-compatible):

@tool(read_only=True)
def list_files(directory: str) -> list[str]: ...

@tool(destructive=True, requires_confirmation=True)
def delete_file(path: str) -> str: ...

AgentTool properties with safe defaults (False):

  • is_read_only — tool only reads state
  • is_destructive — tool performs irreversible actions
  • requires_confirmation — tool should require user confirmation

Hook integration

BeforeToolCallEvent now exposes selected_tool so hooks can inspect security metadata:

def before_tool_call(self, event):
    if event.selected_tool and event.selected_tool.is_destructive:
        event.cancel_tool = "Destructive tool blocked"

Test plan

  • Unit tests for @tool decorator with security metadata combinations
  • Unit tests for AgentTool default property values
  • Unit tests for ToolRegistry metadata propagation
  • Unit tests for MCPAgentTool security metadata support
  • Unit tests for BeforeToolCallEvent.selected_tool integration
  • Backward compatibility — existing tools work unchanged
  • All 92 related tests pass
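The hook pattern in the description is the interesting part from a security standpoint: a policy that reads `is_read_only` / `is_destructive` / `requires_confirmation` from the selected tool instead of matching on tool names. The block below is an added, stand-alone example and is not code from the strands-agents project or from this PR: it models the PR's concepts (a `SecurityMetadata` TypedDict, an `AgentTool` with the three properties defaulting to `False`, a `BeforeToolCallEvent` carrying `selected_tool` and a `cancel_tool` reason) with small stand-in classes so it runs offline. The class names, the `MetadataPolicy` / `decide` helpers, the `mode` strings and the registry contents are assumptions for illustration. It shows two policy shapes: the deny-destructive hook from the description, and a default-deny "read-only session" that also refuses tools whose metadata was never set (which, with all-False defaults, look indistinguishable from an ordinary, non-read-only tool) and tools the registry cannot resolve.

```python
"""Hook-based permission policy driven by tool security metadata.

Added example, not strands-agents code: it mirrors the PR's read_only /
destructive / requires_confirmation flags and the BeforeToolCallEvent
selected_tool / cancel_tool shape with stand-in classes so it runs offline.
All names and the registry below are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional, TypedDict


class SecurityMetadata(TypedDict, total=False):
    # Serializable classification; every key is optional, missing means False.
    read_only: bool
    destructive: bool
    requires_confirmation: bool


@dataclass
class AgentTool:
    """Stand-in for a registered tool; property defaults are False as in the PR."""
    name: str
    security: SecurityMetadata = field(default_factory=dict)

    @property
    def is_read_only(self) -> bool:
        return bool(self.security.get("read_only", False))

    @property
    def is_destructive(self) -> bool:
        return bool(self.security.get("destructive", False))

    @property
    def requires_confirmation(self) -> bool:
        return bool(self.security.get("requires_confirmation", False))


@dataclass
class BeforeToolCallEvent:
    """Stand-in for the hook event; selected_tool is None when lookup failed."""
    selected_tool: Optional[AgentTool]
    tool_name: str
    cancel_tool: Optional[str] = None  # setting a reason string cancels the call


class MetadataPolicy:
    """Permission policy that reasons only about metadata, never tool names.

    mode="deny_destructive": block tools flagged destructive, ask the user for
        tools that request confirmation, allow everything else (an unlabeled
        tool has all-False metadata and therefore passes).
    mode="read_only": allow only tools explicitly flagged read_only. This is
        the default-deny shape: an unlabeled tool is not read-only and is refused.
    """

    def __init__(self, mode: str, confirm: Callable[[str], bool]):
        assert mode in ("deny_destructive", "read_only")
        self.mode = mode
        self.confirm = confirm  # user prompt stand-in; True means proceed

    def before_tool_call(self, event: BeforeToolCallEvent) -> None:
        tool = event.selected_tool
        if tool is None:
            # No registered tool, so no metadata to reason about: fail closed.
            event.cancel_tool = f"Unknown tool {event.tool_name!r} blocked"
            return
        if self.mode == "read_only" and not tool.is_read_only:
            event.cancel_tool = f"{tool.name} is not read-only; session is read-only"
            return
        if self.mode == "deny_destructive" and tool.is_destructive:
            event.cancel_tool = f"Destructive tool {tool.name} blocked"
            return
        if tool.requires_confirmation and not self.confirm(tool.name):
            event.cancel_tool = f"User declined {tool.name}"


def decide(policy: MetadataPolicy, tool_name: str, registry: dict) -> Optional[str]:
    """Run the hook for one call; return the cancel reason, or None if allowed."""
    event = BeforeToolCallEvent(selected_tool=registry.get(tool_name), tool_name=tool_name)
    policy.before_tool_call(event)
    return event.cancel_tool


# Constructed registry: the two tools from the PR description, a tool that only
# asks for confirmation, and a legacy tool registered with no metadata at all.
REGISTRY = {
    "list_files": AgentTool("list_files", {"read_only": True}),
    "delete_file": AgentTool("delete_file", {"destructive": True, "requires_confirmation": True}),
    "send_email": AgentTool("send_email", {"requires_confirmation": True}),
    "legacy_tool": AgentTool("legacy_tool"),
}

if __name__ == "__main__":
    deny = MetadataPolicy("deny_destructive", confirm=lambda name: name != "send_email")
    ro = MetadataPolicy("read_only", confirm=lambda name: True)
    for name in ("list_files", "delete_file", "send_email", "legacy_tool", "rm_rf"):
        print(f"{name:12} deny_destructive -> {decide(deny, name, REGISTRY)!r}")
        print(f"{name:12} read_only        -> {decide(ro, name, REGISTRY)!r}")
```

The design point the two modes make visible: because every flag defaults to `False`, a policy written as "block if `is_destructive`" treats an unannotated tool exactly like a harmless one, so a registry that mixes annotated and legacy tools only gets a meaningful guarantee from an allow-list policy keyed on `is_read_only`. Checking `selected_tool is None` before touching the properties matters as well, since the event exposes `None` when the tool name did not resolve.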

Add read_only, destructive, and requires_confirmation boolean parameters to
the @tool decorator and corresponding properties on AgentTool, ToolSpec, and
MCPAgentTool. This enables hook-based permission policies to reason about
tool safety without hardcoding tool-name mappings.

Closes strands-agents#2154

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@srbhsrkr srbhsrkr force-pushed the feat/tool-security-metadata branch from fe4b74b to 9063959 Compare April 21, 2026 18:13
@github-actions github-actions Bot added size/l and removed size/l labels Apr 21, 2026
Development

Successfully merging this pull request may close these issues.

[FEATURE] Add optional security metadata to tool definitions

1 participant